The History of DDoS Attacks as a Tool of Protest

In a new book, Molly Sauter tracks the use of DDoS as an online equivalent to the real-world sit-in.

Although the web is only a quarter of a century old, it already has a rich history as a platform for worldwide protest. One common tool used by online activists is the distributed denial of service attack, or DDoS: a technologically crude tactic that involves sending so many requests to a target website that it crashes.

"DDoS has been around as an activist tactic probably since the early 90s," Molly Sauter, a research affiliate at Harvard University's Berkman Center for Internet and Society and doctoral student at McGill University, told me.

The earliest example of a DDoS attack that Sauter found in her research was implemented by the Strano Network, an Italian collective that launched an attack in 1995 to protest against the French government's nuclear policy.

Back then, DDoS attacks were laborious, manual affairs, requiring participants to constantly remain at their computer. And because having an internet connection was relatively expensive, they couldn't last for long. The attack in this case only endured for about an hour.

The next major milestone was the use of DDoS by the Electronic Disturbance Theater (EDT). Originating in the 90s, and attracting the attention of the media by the end of the decade, the hacktivist group described DDoS as akin to a "virtual sit-in." One thing that separated them from their predecessors was their use of tools developed in-house, which allowed anyone outside of the organisation to join in.

Their kit, called FloodNet, directed a user's traffic to a target predetermined by the EDT, which included the websites of politicians and the White House. Those wishing to join the "sit-in" simply selected their target from a drop down menu, clicked attack, and relaxed while FloodNet automatically bombarded the offending server.

The well-known hacker collective Anonymous took this idea of crowd-sourced activism further, and popularised the idea of voluntary botnets. Often used by criminals, a botnet is a large number of systems, all linked together, which give whoever is in charge of them a whole lot of processing power to wield.

DDoS is incredibly simplistic, at a purely technological level.

By using the hacker-designed software Low Orbit Ion Cannon, and its subsequent upgrades, participants could connect their computer to a vast network and have it donate resources to DDoS attacks.

And that pretty much brings us up to today. "DDoS is incredibly simplistic, at a purely technological level," Sauter said. "While there might be individual innovations in ways of masking or multiplying traffic, it's not actually going to get much more advanced than that."

But it's not just the technical details of DDoS that have mutated over the years. The scale of attacks using the device has developed, too. "Groups have become better at attracting, acknowledging and manipulating media coverage in order to attract more participants," Sauter explained.

While earlier groups just did their own thing, Anonymous managed to engage those outside of their immediate cohort more readily.

With their iconic imagery, popular Twitter accounts and evocative videos, the media had a lot of material to work with. The press lacked any sort of official spokesperson of Anonymous to talk to—"So they just tended to reproduce these artifacts in media coverage, which did the work of recruitment for Anonymous," Sauter observed. "Anonymous didn't have to do a lot of 'active' outreach. That was being done for them."

What actually constitutes a 'successful' DDoS attack has also changed. "In the 90s, you could sit in front of your computer with your friends, go to whitehouse.gov, click refresh a bunch of times, and you had a significant chance of the website crashing," said Sauter. An industry has since emerged to offer protection from DDoS attacks, so crashing a major service today is rarer, though still possible with some serious fire-power.

But there's another way to measure the success of DDoS actions than just website down time. Sauter explained that, when it comes to activism in general, "The logic of change is that you have an action, you get covered in the press, then politicians and the public react to the press coverage, not so much the action itself." This overall impact is perhaps more important than how long a specific website is technically inaccessible. As Sauter said, "The question of what success means is fairly up in the air."

Some argue that DDoS as a protest tool should be formally recognised as political speech, and enjoy the same free-speech protections as street marches, for example. Jay Leiderman, a criminal defense lawyer, has argued that DDoS is a first amendment issue in defence of the "PayPal 14," a group of WikiLeaks supporters involved in a DDoS attack against the e-commerce business.

CIVIL DISOBEDIENCE AND OTHER TYPES OF ORGANISED LAW BREAKING ONLINE ARE STILL CONSIDERED VERY MUCH FRINGE ACTIVITIES.

But DDoS can of course also be used for much less sympathetic purposes. "The biggest problem that activist DDoS faces in terms of its fight for legitimacy is criminal DDoS," said Sauter. "DDoS is a very popular tactic in terms of harassment, extortion and other criminality."

Furthermore, Sauter suggested that online activism in general still isn't really accepted because it remains an alien concept to many people. "Civil disobedience and other types of organised law breaking online are still considered very much fringe activities because there isn't an understanding that civil disobedience is something that you can do on the internet," Sauter said. "That I hope is something that will change, but it will take a legal challenge."

But Sauter feels that political DDoS will continue to gain popularity when it comes to activism, and that it might even have something more to give.

Whether it's the Electronic Disturbance Theater protesting against neoliberalism, or Anonymous rising up to fight what they see as injustices, DDoS actions do not exist in a vacuum. Today, politically motivated DDoS is often part of a broader activist culture in the information age. Sauter suggested it could therefore introduce activists to other ideas, "such as information exfiltration, and leaking, and the construction of alternative infrastructures to replace the corporate-dominated and government-surveilled that are currently the main ways of socialising and communicating online."

In short, DDoS attacks in activist circles can be about more than just crashing a few servers.